CVE-2022-4874 Authenticated bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows unauthenticated user to get access to content.

Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL .css, .png etc. If it exists, it performs a "fake logi...

CVE-2022-4874

CVE-2022-4874 affects Netcomm NF20MESH, NF20 and NL1902 router models. An authentication bypass exists where the app serves static content by checking the URL for specific characters (e.g., .css, .png) and performing a “fake login” to grant a active session, allowing unauthenticated access to con...

Netcomm路由器 授权问题漏洞

The Netcomm NF20, among others, is a router from Netcomm Australia. The Netcomm routers have a security vulnerability that stems from its authentication bypass allowing unauthenticated users to access content. The following models are affected: the NF20MESH, NF20 and NL1902...

CVE-2022-4874

Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL .css, .png etc. If it exists, it performs a “fake logi...

PT-2023-1320 · Netcomm · Netcomm Nf20Mesh +2

Name of the Vulnerable Software and Affected Versions: Netcomm NF20 versions Netcomm NF20MESH versions Netcomm NL1902 versions Description: The issue is related to an authentication bypass in the Netcomm router models. This allows an unauthenticated user to access content. The application checks...

Netcomm路由器 缓冲区错误漏洞

The Netcomm NF20 and Netcomm NF20MESH are both routers from Netcomm Australia. The Netcomm routers have a security vulnerability that stems from its sessionKey parameter that allows an attacker to achieve a stack-based buffer overflow and crash an application at a known location by supplying a...

CVE-2022-4873

On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location. Recent assessments: Assessed...

PT-2022-6233 · Netcomm · Netcomm Nf20Mesh +2

Name of the Vulnerable Software and Affected Versions: Netcomm NF20MESH versions Netcomm NF20 versions Netcomm NL1902 versions Description: A stack-based buffer overflow issue affects the sessionKey parameter, allowing a remote attacker to potentially execute arbitrary code by providing a specifi...

SSL/TLS: Known Compromised/Static Certificate Detection

The remote SSL/TLS service is using an SSL/TLS certificate which is known to be compromised/static e.g. known private keys, used by malware, etc. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

NetComm NWL-25 Device Directory Disclosure Vulnerability

The NetComm NWL-25 is a 4G LTE industrial grade M2M router. A device catalog disclosure vulnerability exists in the NetComm NWL-25 using firmware version 2.0.29.11 and earlier, which can be exploited by an attacker to obtain the device's catalog...

NetComm NWL-25 Cross-Site Request Forgery Vulnerability

The NetComm NWL-25 is a 4G LTE industrial grade M2M router. A cross-site request forgery vulnerability exists in the NetComm NWL-25 using firmware version 2.0.29.11 and earlier, which can be exploited by an attacker to remotely change the password of the device...

NetComm NWL-25 Cross-Site Scripting Vulnerability

The NetComm NWL-25 is a 4G LTE industrial grade M2M router. A cross-site scripting vulnerability exists in the NetComm NWL-25 using firmware version 2.0.29.11 and earlier, which can be exploited by a remote attacker to run arbitrary code on the device...

NetComm NWL-25 Information Disclosure Vulnerability

The NetComm NWL-25 is a 4G LTE industrial grade M2M router. An information disclosure vulnerability exists in the NetComm NWL-25 using firmware version 2.0.29.11 and earlier, which can be exploited by an attacker to access configuration files without authentication...

CVE-2018-14785

NetComm Wireless G LTE Light Industrial M2M Router NWL-25 with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication...

CVE-2018-14782

NetComm Wireless G LTE Light Industrial M2M Router NWL-25 with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user...

CVE-2018-14785

NetComm Wireless G LTE Light Industrial M2M Router NWL-25 with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication...

CVE-2018-14784

NetComm Wireless G LTE Light Industrial M2M Router NWL-25 with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device...

Cross site scripting

NetComm Wireless G LTE Light Industrial M2M Router NWL-25 with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device...

CVE-2018-14782

NetComm Wireless G LTE Light Industrial M2M Router NWL-25 with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user...

Design/Logic Flaw

NetComm Wireless G LTE Light Industrial M2M Router NWL-25 with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user...